We have an issue with latency when logging in to our network. It takes between 5-10 minutes from when the computer is started until I am logged in. I have done a Wireshark capture from the start of the computer until the login process is finished. What is the best way to analyze the traffic to determine the latency? I wish to find out if the latency belongs to LAN switching, applications & protocols, or server traffic (late response). Our environment is Windows XP 3 (workstation), mixed Novell (file & print) and Microsoft AD. Computers are members of AD.
asked 01 Mar '11, 01:06 AMO
2 Answers:
The first things you need to find out are:
That will give you an idea of where the problem might lie. It will also give you clues about where to look in your trace file. Especially if not all users are affected, a comparison between the trace files of a bad and a good login session is valuable. When analyzing the trace file at hand, I would look at the following things:
It's not easy to give a list of actions to take to pinpoint the problem as there are just too many variables. It's a combination of experience and 'art' to analyze trace files :-)
answered 01 Mar '11, 01:27 SYN-bit ♦♦
Another great feature in Wireshark that helps in your quest is the Service Response Time: (Statistics -> Service Response Time ...)
You might want to check whether users wait for the PC to boot (i.e. power on until the login box shows) or for the login (i.e. clicked OK, then wait until the desktop is ready).
The time from power on to login box can be identified as follows: First locate the DHCP request (filter bootp) and set a time reference to the DHCP discover or request. Next look out for a Kerberos message where the message-type is AS-REQ and the client name is the user. A good filter is kerberos.msg.type == 10
If the client principal matches the user name, you have identified the time when the user clicked the OK button in the login box.
The time from login to "Desktop ready" can be influenced by a number of factors. Roaming can be a pain if a user decides to keep his collection of ISO images under "My Documents". Another factor to consider is the number of policies that are applied.
NB: The AS-REQ is also shown if a local service is started with the username.
NB2: Depending on your configuration, the login box can show up before all policies are loaded.
answered 01 Mar '11, 07:01 packethunter
edited 29 Jun '17, 07:18 cmaynard ♦♦
The most interesting part is from the point when username and password are entered and OK is pressed. And then look at the packets from that point to desktop ready. I will try to set a time reference.
This latency occurs for several hundred computers. So I do not believe that a collection of huge files under "My Documents" causes the problem. We do not use roaming profiles.
As you mention, I will also try to look at service response time from a trace close to the client. Interesting tip I will try: Statistics -> Service Response Time ...
I appreciate any tip from you.
(converted your "answer" to a "comment" to adhere to the Q&A nature of this site)
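The timing procedure from packethunter's answer (DHCP time reference, then the first AS-REQ for the user), as an added example that is not part of the original thread. The tshark field names in the comment are those of current Wireshark releases, and the sample rows, the host name PC0142 and the user name jdoe are constructed for illustration.

```python
import csv
import io

# Constructed sample in the shape produced by the command below (assumed
# field names from current Wireshark; older releases use bootp.* for DHCP):
#   tshark -r login.pcap -T fields -E separator=, -e frame.time_relative \
#          -e dhcp.option.dhcp -e kerberos.msg_type -e kerberos.CNameString
SAMPLE = """\
0.000000,,,
12.480000,1,,
12.910000,3,,
41.200000,,10,PC0142$
41.230000,,11,PC0142$
95.700000,,10,jdoe
95.720000,,30,
95.760000,,10,jdoe
95.790000,,11,jdoe
"""

DHCP_DISCOVER, DHCP_REQUEST = "1", "3"
KRB_AS_REQ = "10"


def parse(text):
    """Split tshark field output into 4-column rows, dropping short lines."""
    return [row for row in csv.reader(io.StringIO(text)) if len(row) == 4]


def boot_to_login(rows, user):
    """Return (dhcp_time, as_req_time, delta) in seconds for `user`.

    dhcp_time is the first DHCP Discover/Request (the time reference);
    as_req_time is the first later AS-REQ whose client name equals `user`.
    delta is None when either event is missing from the capture.
    """
    dhcp_time = as_req_time = None
    for ts, dhcp_type, krb_type, cname in rows:
        ts = float(ts)
        if dhcp_time is None:
            if dhcp_type in (DHCP_DISCOVER, DHCP_REQUEST):
                dhcp_time = ts
            continue
        # Only an exact client-name match counts, so AS-REQs sent under
        # other names (e.g. the constructed PC0142$ rows) are ignored.
        if krb_type == KRB_AS_REQ and cname.lower() == user.lower():
            as_req_time = ts
            break
    if dhcp_time is None or as_req_time is None:
        return dhcp_time, as_req_time, None
    return dhcp_time, as_req_time, round(as_req_time - dhcp_time, 6)


if __name__ == "__main__":
    print(boot_to_login(parse(SAMPLE), "jdoe"))
```

As the answer's NB points out, an AS-REQ carrying the user name can also come from a local service started under that account, so check the matched frame before trusting the delta.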